ISSMP-demo
ISC2
ISSMP
CISSP Information Systems Security Management Professional
Demo Product
To Buy Full Set of Exam Questions, Visit:
http://www.test4direct.com/ISSMP.html
Question: 1
Which of the following fields of management focuses on establishing and maintaining consistency of a system's or product's performance and its functional and physical attributes with its requirements, design, and operational information throughout its life?
A. Configuration management
B. Risk management
C. Procurement management
D. Change management
Answer: A
Explanation:
Configuration management is a field of management that focuses on establishing and maintaining consistency of a system's or product's performance and its functional and physical attributes with its requirements, design, and operational information throughout its life.
A Configuration Management System is a subsystem of the overall project management system. It is a collection of formal documented procedures used to identify and document the functional and physical characteristics of a product, result, service, or component of the project. It also controls any changes to such characteristics, and records and reports each change and its implementation status. It includes the documentation, tracking systems, and defined approval levels necessary for authorizing and controlling changes. Audits are performed as part of configuration management to determine if the requirements have been met.
Answer option C is incorrect. The procurement management plan defines more than just the procurement of team members, if needed. It defines how procurements will be planned and executed, and how the organization and the vendor will fulfill the terms of the contract.
Answer option B is incorrect. Risk management is used to identify, assess, and control risks. It includes analyzing the value of assets to the business, identifying threats to those assets, and evaluating how vulnerable each asset is to those threats.
Answer option D is incorrect. Change management is used to ensure that standardized methods and procedures are used for efficient handling of all changes.
Question: 2
Which of the following are the ways of sending secure e-mail messages over the Internet?
Each correct answer represents a complete solution. Choose two.
A. TLS
B. PGP
C. S/MIME
D. IPSec
Answer: B, C
Explanation:
Pretty Good Privacy (PGP) and Secure Multipurpose Internet Mail Extensions (S/MIME) are two ways of sending secure e-mail messages over the Internet. Both use public key cryptography, where users each possess two keys, a public key for encrypting, and a private key for decrypting messages. Because PGP has evolved from a free distribution, it is more popular than S/MIME.
Answer option A is incorrect. Transport Layer Security (TLS) is an application layer protocol that uses a combination of public and symmetric key processing to encrypt data.
Answer option D is incorrect. Internet Protocol Security (IPSec) is a standard-based protocol that provides the highest level of VPN security. IPSec can encrypt virtually everything above the networking layer. It is used for VPN connections that use the L2TP protocol. It secures both data and password. IPSec cannot be used with Point-to-Point Tunneling Protocol (PPTP).
Reference: TechNet, Contents: "Ask Us About... Security, October 2000"
Question: 3
You work as a Senior Marketing Manager for Umbrella Inc. You find out that some of the software applications on the systems were malfunctioning and also that you were not able to access your remote desktop session. You suspected that some malicious attack was performed on the network of the company. You immediately called the incident response team to handle the situation, who asked the Network Administrator to provide all relevant information regarding the malfunctioning. The Network Administrator informed the incident response team that he was reviewing the security of the network, which caused all these problems. The incident response team announced that this was a controlled event, not an incident. Which of the following steps of an incident handling process was performed by the incident response team?
A. Containment
B. Eradication
C. Preparation
D. Identification
Answer: D
Explanation:
According to the question, the incident response team announced that this was a controlled event, not an incident. The incident response team performed the identification step to rectify the incident. Identification is the first post-attack step in the incident handling process. In this phase of the incident handling process, the Incident Handler determines whether the incident exists or not. An incident is described as an event in a system or network that poses a threat to the environment. Identification of an incident becomes more difficult with the increase in the complexity of the attack. The Incident Handler should gather all facts and make decisions on the basis of those facts. The Incident Handler needs to identify the following characteristics of an attack before it can be properly processed.
Question: 4
Which of the following is the process performed between organizations that have unique hardware or software that cannot be maintained at a hot or warm site?
A. Cold sites arrangement
B. Business impact analysis
C. Duplicate processing facilities
D. Reciprocal agreements
Answer: D
Explanation:
Reciprocal agreements are arrangements between two or more organizations with similar equipment and applications. According to this agreement, organizations provide computer time to each other in the case of an emergency. These types of agreements are commonly made between organizations that have unique hardware or software that cannot be maintained at a hot or warm site.
Answer option B is incorrect. A business impact analysis (BIA) is a crisis management and business impact analysis technique that identifies those threats that can impact the business continuity of operations. Such threats can be either natural or man-made. The BIA team should have a clear understanding of the organization, key business processes, and IT resources for assessing the risks associated with continuity. The BIA team should include senior management, IT personnel, and end users to identify all resources that are to be used during normal operations.
Answer option C is incorrect. Duplicate processing facilities work in the same manner as hot site facilities, with the exception that they are completely dedicated, self-developed recovery facilities. The duplicate facility holds the same equipment, operating systems, and applications and might have regularly synchronized data. Examples of duplicate processing facilities are large organizations that have multiple geographic locations.
Answer option A is incorrect. A cold site is a backup site used in case a disaster has taken place in a data center. This is the least expensive disaster recovery solution, usually having only a single room with no equipment. All equipment is brought to the site after the disaster. It can be on site or off site.
Question: 5
Which of the following involves changing data prior to or during input to a computer in an effort to commit fraud?
A. Data diddling
B. Wiretapping
C. Eavesdropping
D. Spoofing
Answer: A
Explanation:
Data diddling involves changing data prior to or during input to a computer in an effort to commit fraud. It also refers to the act of intentionally modifying information, programs, or documentation.
Answer option C is incorrect. Eavesdropping is the process of listening in on private conversations. It also includes attackers listening in on network traffic. For example, it can be done over telephone lines (wiretapping), e-mail, instant messaging, and any other method of communication considered private.
Answer option D is incorrect. Spoofing is a technique that makes a transmission appear to have come from an authentic source by forging the IP address, email address, caller ID, etc. In IP spoofing, a hacker modifies packet headers by using someone else's IP address to hide his identity. However, spoofing cannot be used while surfing the Internet, chatting on-line, etc. because forging the source IP address causes the responses to be misdirected.
Answer option B is incorrect. Wiretapping is the act of monitoring telephone and Internet conversations by a third party. It is only legal with prior consent. Legalized wiretapping is generally practiced by the police or another recognized governmental authority.
Reference: "http://financial-dictionary.thefreedictionary.com/Data+diddling"
Question: 6
Drag and drop the various evidences in the appropriate places.
Answer:
Explanation:
Evidence used in forensics can be divided into a number of categories, depending on its reliability, quality, and completeness. These categories are as follows:
Best evidence: It is the original or primary evidence rather than a copy or duplicate of the evidence.
Secondary evidence: It is a copy of the evidence or an oral description of its contents. It is not as reliable as the best evidence.
Direct evidence: It proves or disproves a specific act through oral testimony based on information gathered through the witness's five senses.
Conclusive evidence: It is incontrovertible evidence, which overrides all other evidence.
Opinions: The following are the two types of opinions:
1. Expert: It offers an opinion based on personal expertise and facts.
2. Non-expert: It can testify only to facts.
Circumstantial evidence: It is the inference of information from other, intermediate, relevant facts.
Hearsay evidence: This evidence is commonly not admissible in court. It is third-party evidence. Computer-generated records and other business records fall under the category of hearsay evidence because these records cannot be proven accurate and reliable.
Reference: CISM Review Manual 2010, Contents: "Incident Management and Response"
Question: 7
Which of the following penetration testing phases involves reconnaissance or data gathering?
A. Attack phase
B. Pre-attack phase
C. Post-attack phase
D. Out-attack phase
Answer: B
Explanation:
The pre-attack phase is the first step for a penetration tester. The pre-attack phase involves reconnaissance or data gathering. It also includes gathering data from Whois, DNS, and network scanning, which help in mapping a target network and provide valuable information regarding the operating system and applications running on the systems. Penetration testing involves locating the IP block and using domain name Whois to find personnel contact information.
Answer option A is incorrect. The attack phase is the most important phase of penetration testing. Different exploitive and responsive hacking tools are used to monitor and test the security of systems and the network. Some of the actions performed in the attack phase are as follows:
Penetrating the perimeter
Escalating privileges
Executing, implanting, and retracting
Answer option C is incorrect. The post-attack phase involves restoring the system to normal pre-test configurations. It includes removing files, cleaning registry entries, and removing shares and connections. Analyzing all the results and presenting them in a comprehensive report is also part of this phase. These reports include objectives, observations, all activities undertaken, and the results of test activities, and may recommend fixes for vulnerabilities.
Question: 8
Mark works as a security manager for SoftTech Inc. He is involved in the BIA phase to create a document to be used to help understand what impact a disruptive event would have on the business. The impact might be financial or operational. Which of the following are the objectives related to the above phase in which Mark is involved?
Each correct answer represents a part of the solution. Choose three.
A. Resource requirements identification
B. Criticality prioritization
C. Down-time estimation
D. Performing vulnerability assessment
Answer: A, B, C
Explanation:
The main objectives of Business Impact Assessment (BIA) are as follows:
Criticality prioritization: All critical business unit processes must be identified and prioritized, and the impact of a disruptive event must be evaluated. Non-time-critical business processes will need a lower priority rating for recovery than time-critical business processes.
Down-time estimation: The Maximum Tolerable Downtime (MTD), the longest period of time a critical process can remain interrupted before the company can never recover, is estimated with the help of the BIA; it is the downtime the business can tolerate and still remain a viable company. It is often found that this time period is much shorter than estimated during the BIA process. This means that the company can tolerate only a much briefer period of interruption than was previously thought.
Resource requirements identification: The identification of the required resources for the critical processes is also performed at this time, with the most time-sensitive processes receiving the most resource allocation.
Answer option D is incorrect. This is an invalid answer because performing a vulnerability assessment is a step taken by the BIA to achieve the above-mentioned goals.
Question: 9
Which of the following recovery plans includes specific strategies and actions to deal with specific variances to assumptions resulting in a particular security problem, emergency, or state of affairs?
A. Business continuity plan
B. Disaster recovery plan
C. Continuity of Operations Plan
D. Contingency plan
Answer: D
Explanation:
A contingency plan is a plan devised for a specific situation when things could go wrong. Contingency plans include specific strategies and actions to deal with specific variances to assumptions resulting in a particular problem, emergency, or state of affairs. They also include a monitoring process and triggers for initiating planned actions.
Answer option B is incorrect. Disaster recovery is the process, policies, and procedures related to preparing for recovery or continuation of technology infrastructure critical to an organization after a natural or human-induced disaster.
Answer option A is incorrect. It deals with the plans and procedures that identify and prioritize the critical business functions that must be preserved.
Answer option C is incorrect. It includes the documented plans and procedures that ensure the continuity of critical operations during any period where normal operations are impossible.
Question: 10
Which of the following protocols is used with a tunneling protocol to provide security?
A. FTP
B. IPX/SPX
C. IPSec
D. EAP
Answer: C
Explanation:
Internet Protocol Security (IPSec) is used with Layer 2 Tunneling Protocol (L2TP). It is a standards-based protocol that provides the highest level of virtual private network (VPN) security. IPSec can encrypt virtually everything above the networking layer. It secures both data and password.
Question: 11
Which of the following subphases are defined in the maintenance phase of the life cycle models?
A. Change control
B. Configuration control
C. Request control
D. Release control
Answer: A, C, D
Explanation:
The subphases of the maintenance phase in the life cycle model are as follows:
Request control: This phase manages the users' requests for changes to the software product and gathers information that can be used for managing this activity.
Change control: This phase is the most important step in the maintenance phase. Various issues are addressed by the change control phase. Some of them are as follows:
1. Recreating and analyzing the problem
2. Developing the changes and corresponding tests
3. Performing quality control
Release control: It is associated with issuing the latest release of the software. The release control phase involves deciding which requests will be included in the new release, archiving of the release, configuration management, quality control, distribution, and acceptance testing.
Answer option B is incorrect. This is not a valid option.
Reference: CISM Review Manual 2010, Contents: "Information security process management"
Question: 12
Which of the following terms refers to a mechanism which proves that the sender really sent a particular message?
A. Non-repudiation
B. Confidentiality
C. Authentication
D. Integrity
Answer: A
Explanation:
Non-repudiation is a mechanism which proves that the sender really sent a message. It provides evidence of the identity of the sender and message integrity. It also prevents a person from denying the submission or delivery of the message and the integrity of its contents.
Answer option C is incorrect. Authentication is a process of verifying the identity of a person or network host.
Answer option B is incorrect. Confidentiality ensures that no one can read a message except the intended receiver.
Answer option D is incorrect. Integrity assures the receiver that the received message has not been altered in any way from the original.
Reference: "http://en.wikipedia.org/wiki/Non-repudiation"
Question: 13
Which of the following characteristics are described by the DIAP Information Readiness Assessment function?
Each correct answer represents a complete solution. Choose all that apply.
A. It performs vulnerability/threat analysis assessment.
B. It identifies and generates IA requirements.
C. It provides data needed to accurately assess IA readiness.
D. It provides for entry and storage of individual system data.
Answer: A, B, C
Explanation:
The characteristics of the DIAP Information Readiness Assessment function are as follows:
It provides data needed to accurately assess IA readiness.
It identifies and generates IA requirements.
It performs vulnerability/threat analysis assessment.
Answer option D is incorrect. It is a function performed by the ASSET system.
Reference: CISM Review Manual 2010, Contents: "Information Security Program Development"
Question: 14
Joseph works as a Software Developer for Web Tech Inc. He wants to protect the algorithms and the techniques of programming that he uses in developing an application. Which of the following laws are used to protect a part of software?
A. Code Security law
B. Trademark laws
C. Copyright laws
D. Patent laws
Answer: D
Explanation:
Patent laws are used to protect the duplication of software. Software patents cover the algorithms and techniques that are used in creating the software. They do not cover the entire program of the software. Patents give the author the right to make and sell his product. The term of the patent on a product is limited, though, i.e., the author of the product has the right to use the patent for only a specific length of time.
Answer option C is incorrect. Copyright laws protect original works or creations of authorship including literary, dramatic, musical, artistic, and certain other intellectual works.
Question: 15
Which of the following is the best method to stop vulnerability attacks on a Web server?
A. Using strong passwords
B. Configuring a firewall
C. Implementing the latest virus scanner
D. Installing service packs and updates
Answer: D
Explanation:
A vulnerability attack takes advantage of the vulnerabilities in an operating system or software service by entering the operating system and disrupting its working. The best way to counter such attacks is to keep the operating system updated with the latest service packs and updates.
Answer option B is incorrect. Configuring a firewall is helpful in Denial-of-Service attacks.
Answer option A is incorrect. Using strong passwords is helpful in countering brute force attacks.
Answer option C is incorrect. Virus scanners are used to protect computers from viruses. They do not help protect computers from attacks.